-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 12/4/2011 3:58 PM, Platonides wrote:
That's strange. Do you have the language files up to date?
I have no idea. I'm starting from a clean yet slightly tweaked copy of the 1.18.0 code (I have a custom skin derived from MonoBook), and I made sure to run maintenance/update.php to update my database during the upgrade. I've also run maintenance/rebuildLocalisationCache.php, which was requested when someone else was trying to debug my prior upgrade issues. Beyond these steps, I've never had to "update my language files" before.
Try manually going to the userlogin page in HTTPS and submitting from there. Does it work?
That's pretty much what I'm doing. I'm going to my wiki main page (which by default is in HTTP mode), then clicking on the "log in" link in the upper right corner. The browser sends its request in HTTP mode, my mod_rewrite rules bounce the URL to HTTPS mode, and I get the secure login form. Above the login form it states "You must have cookies enabled to log in to The Official GPF Wiki." Attempting to log in from here results in the error originally described.
I tried copying and pasting the URL into a separate tab in my browser with the same results.
As stated previously, this worked fine in 1.17 and stopped working with 1.18.0.
If the cookie was originally set in http, it should still be present in https, though.
I don't have any cookies currently set for the wiki; it's been long enough since my last login that those cookies have expired. However, because of the mod_rewrite rule, the previous cookies should have been set via HTTPS.
My observation in the past was that (in versions <= 1.17) MediaWiki seemed to stay in HTTPS mode after login, which was fine by me since I prefer keeping my logged in sessions secure. If I manually switched back to HTTP mode after login (i.e. I edited the address bar to switch the protocol back) it usually "forget" I was logged in, which would imply that the cookies were being set HTTPS-only. However, I can't even get that far now; now the cookies aren't being set at all. Looking at the request and response exchange in Firebug, it doesn't look like MediaWiki is even sending the Set-Cookie header.
I should also point out that I hacked my phpBB installation to also perform secure logins like this, yet to keep normal activity (browsing, posting, most non-admin, non-user control panel stuff) in HTTP. Never had a problem here. My custom subscription code across the site works fine as well, set while in HTTPS mode but readable via HTTP. And since everything seemed to work fine in 1.17 and it broke as soon as I updated to 1.18, I can't help but be suspicious that the new code may be at fault.
The only setting that might matter is if you have $wgCookieSecure = true; mediawiki is sending secure cookies through http, and your browser is rejecting them.
$wgCookieSecure is set to the default, false. The only time I've ever changed it was in trying to get the login to work post-update to 1.18.0, and it seems to have no effect on my success. It doesn't work either way.
Is your wiki available somewhere?
It's publicly available in read-only mode; I'm the only one with admin privileges, and nobody else has or can create a login. I've been planning on taking on a few volunteer wiki-wranglers, but I haven't started taking applications yet. You can take a look if you want, but since you won't be able to log in anyway I don't know if that will help.
http://www.gpf-comics.com/wiki/
On 12/2/2011 9:18 PM, Steve VanSlyck wrote:
Great site, Jeff. I smiled at your last sentence. I usually do something stoopid both before AND after filing a bug report.
Thanks. I always hate having to post requests to bug trackers and support mailing lists, as I always feel like I'm coming off about a 100 IQ points lower than reality. I've been on the other side of the software support fence and I hate having to try and debug anything remotely, because I hate having to treat someone looking for help like they don't know what they're talking about. It's like a corollary of Murphy's Law: If anything can be said to make you sound stupid, you *will* say it.
- --
Jeff Darlington General Protection Fault http://www.gpf-comics.com/